Use of a Broken or Risky Cryptographic Algorithm
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The code is using the ARC4 (RC4) cipher for encryption, which is considered insecure due to serious weaknesses that allow attackers to break its encryption. ARC4 should not be used for protecting sensitive data.
Impact#
If ARC4 is used, attackers may be able to decrypt, modify, or forge encrypted data, leading to data breaches, unauthorized access, or exposure of confidential information. This can compromise the security and integrity of your application and users’ data.